Monday, June 23, 2014

User Manager For Wireless & DHCP Server Radius




RADIUS, short for Remote Authentication Dial In User Service, is a network protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to the network and want to use its resources.

MikroTik has a RADIUS server feature called UserManager. UserManager makes things easier when we want to build a network service that is widely distributed, e.g. hotspots in cafes, malls, hotels and so on. With UserManager we can simply create a user account on the main router, and that account can then be used or accessed from the DHCP / Wireless router. Picture of the network topology that uses UserManager as the RADIUS server:



In the example topology above, we run the UserManager RADIUS server on the primary router, which is connected directly to the internet. The edge router runs wireless and a DHCP server for the local network. We will then use UserManager to manage the clients that connect to the DHCP / Wireless router. In other words, UserManager will replace the Static Lease function on the DHCP Server and the Access List function in Wireless. This means that a client will not be able to connect until its MAC address is listed on the RADIUS server.

First, configure the DHCP & Wireless router as a RADIUS client. Go to the "Radius" menu. Check DHCP and Wireless, because DHCP users and wireless users will later be managed by UserManager. In the "Address" field, point to the IP address of the primary router running the UserManager service.




In the example above, we use the IP address 127.0.0.1 because the UserManager service and the DHCP / Wireless services are still on the same router. In a real implementation, when UserManager runs on a separate router from the DHCP / Wireless router, fill in the address with the IP address of the router that runs the UserManager service.

Do not forget to check the "Use Radius" option in the DHCP server settings. Go to the menu IP -> DHCP Server -> "Servers" tab, then double-click the DHCP server to open its properties.



Do the same for the wireless security profile, so that wireless clients can be managed by UserManager. Go to the Wireless menu -> click the "Security Profiles" tab. Create a new security profile and, on the RADIUS tab, check the "MAC Authentication" option.


The RADIUS client side is now complete. Next we configure the RADIUS server side, UserManager. Add the RADIUS client router (the DHCP & Wireless router) to UserManager. Open the web-based UserManager interface at http://ip-router/userman

The UserManager web login page will appear; by default we can log in as the user admin with an empty password. On this page we will configure UserManager. To add a RADIUS client router, go to "Router", then click "Add".







After adding the router, create a user profile and a limitation for DHCP and wireless clients. Suppose we want to limit DHCP / Wireless clients to a bandwidth of 256kbps for upload and download; then we can create the following limitation:

Once the limitation has been created, create a profile and add the limitation to that profile.

  
Lastly, create a user in UserManager with the MAC address of the DHCP or wireless client as the username. Go to the "User" menu -> click "Add". Fill in the client's MAC address as the username.
 

If the DHCP or wireless client connects successfully, the limitations that were created in UserManager will apply. In the UserManager limitation we set a bandwidth limit of 256kbps, so the router will automatically create a dynamic queue that limits each DHCP / Wireless client that connects successfully.

With UserManager, what would otherwise be static leases on the DHCP Server and the Access List in Wireless becomes centralized. Without UserManager we would need to set a static lease and an Access List on each router; with a RADIUS server, it is enough to configure these on the RADIUS server router, and clients connecting through each router are authenticated by the RADIUS client against the RADIUS server.
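What this setup exchanges on the wire, as an added example that is not part of the original post or MikroTik's code: the edge router sends the client MAC as User-Name, and the reply that carries the 256k limit is only accepted if its Response Authenticator (RFC 2865) matches the shared secret. The secret, MAC, empty password and the use of the Mikrotik-Rate-Limit vendor attribute (vendor 14988, type 8) are assumptions for illustration.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # constructed; must match on router and UserManager
MAC = b"AA:BB:CC:DD:EE:FF"              # constructed client MAC, the UserManager username
MIKROTIK, RATE_LIMIT = 14988, 8         # vendor id and Mikrotik-Rate-Limit attribute type

def attr(t, value):
    """One RADIUS attribute: type, length (including the 2-byte header), value."""
    return bytes([t, len(value) + 2]) + value

def packet(code, ident, authenticator, attrs):
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs

def access_request(ident, mac, secret):
    """Edge router -> UserManager: MAC as User-Name, empty password (assumed)."""
    ra = os.urandom(16)                                # Request Authenticator
    hidden = hashlib.md5(secret + ra).digest()         # 16 NUL bytes XOR MD5(secret+RA)
    return ra, packet(1, ident, ra, attr(1, mac) + attr(2, hidden) + attr(31, mac))

def access_accept(ident, ra, rate, secret):
    """UserManager -> edge router: the limitation as a vendor-specific attribute."""
    attrs = attr(26, struct.pack("!I", MIKROTIK) + attr(RATE_LIMIT, rate))
    digest = hashlib.md5(packet(2, ident, ra, attrs) + secret).digest()
    return packet(2, ident, digest, attrs)

def rate_limit_from_reply(reply, ra, secret):
    """Verify the Response Authenticator, then return Mikrotik-Rate-Limit or None."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        raise ValueError("bad length")
    expected = hashlib.md5(reply[:4] + ra + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("response authenticator mismatch")
    if reply[0] != 2:
        return None                                    # not an Access-Accept
    attrs, i = reply[20:], 0
    while i + 2 <= len(attrs):
        t, length = attrs[i], attrs[i + 1]
        if length < 2 or i + length > len(attrs):
            raise ValueError("malformed attribute")
        value = attrs[i + 2:i + length]
        is_mt = t == 26 and len(value) >= 6 and value[:4] == struct.pack("!I", MIKROTIK)
        if is_mt and value[4] == RATE_LIMIT:
            return value[6:4 + value[5]].decode()      # sub-length counts from value[4]
        i += length
    return None

def demo():
    ra, _request = access_request(7, MAC, SECRET)
    return rate_limit_from_reply(access_accept(7, ra, b"256k/256k", SECRET), ra, SECRET)
```

A reply whose attributes were altered in transit, or that was built with a different secret, fails the authenticator check before any limit is applied.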
